Information Rights Management (IRM)

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> We've talked about different ways
00:00
of protecting and identifying data.
00:00
But now we're going to talk specifically
00:00
about protections and access rights to data,
00:00
often referred to as information rights management.
00:00
In this lesson, we're going to talk about
00:00
what information rights management is,
00:00
the importance of information rights management
00:00
in Cloud environments,
00:00
and the impact of
00:00
information rights management on
00:00
both your organization and
00:00
your customers in some considerations to what data you
00:00
really need to protect
00:00
using information rights management.
00:00
What is it? Information rights management
00:00
is really the concept of
00:00
applying access control rights to information assets,
00:00
both internally and some
00:00
that may leave your organization,
00:00
and how do you enforce that through
00:00
internal and external controls and technologies.
00:00
Now, I'm sorry,
00:00
information rights management is
00:00
often used interchangeably with
00:00
the term digital rights management or
00:00
data rights management or
00:00
even enterprise data rights management.
00:00
But for simplicity's sake,
00:00
we're just going to use
00:00
the term information rights management.
00:00
You can think of this as
00:00
being internally facing and externally
00:00
facing in terms of how digital assets are protected,
00:00
their access rights are managed
00:00
within your organization,
00:00
and then how intellectual property data
00:00
is managed externally.
00:00
Enterprise data rights management
00:00
really refers to how do you
00:00
protect and manage the access
00:00
to information within your organization.
00:00
We've talked about different ways of
00:00
discovering data and classifying it.
00:00
But as we'll get further along,
00:00
you'll see there are very specific tools
00:00
and techniques for
00:00
enforcing access rights within
00:00
your organization to ensure, say for example,
00:00
that financial information,
00:00
if you're a publicly-traded company,
00:00
doesn't get disclosed to anybody
00:00
who doesn't need to see it,
00:00
or maybe that information is sensitive regarding
00:00
your security or if you have a Cloud application,
00:00
a penetration test that
00:00
disclosed some vulnerabilities about your application,
00:00
that would be pretty sensitive information
00:00
and you should apply
00:00
appropriate information rights management
00:00
techniques to ensure that
00:00
those vulnerabilities don't just get
00:00
disclosed to audiences who might misuse them.
00:00
Then there's customer data rights management
00:00
or information rights management.
00:00
When it comes to customers,
00:00
a lot of this is we think of the protection of
00:00
music video or e-books.
00:00
This is often the case where or in
00:00
the Cloud contexts. Perhaps
00:00
you're a SaaS software provider,
00:00
how do you ensure that if
00:00
you're providing access to software in
00:00
your organization then your customer doesn't have
00:00
access to sensitive aspects of this?
00:00
Also in the Cloud context,
00:00
going back to the enterprise rights management piece,
00:00
you want to make sure that certain of
00:00
aspects of intellectual property such as
00:00
your codebase that you might be
00:00
using in a platform as a service environment,
00:00
make sure that access is protected on there.
00:00
But going back to the customer appease,
00:00
you really want to ensure that
00:00
any intellectual property that you're
00:00
granting customers access
00:00
>> to our appropriately protected,
00:00
>> and then if there are any violations of
00:00
those protections or accesses
00:00
>> that you're aware of them.
00:00
>> Let's reflect for a moment.
00:00
What information artifacts at your organization fall
00:00
under enterprise information rights management?
00:00
Often in our roles we can feel
00:00
>> somewhat siloed to focused
00:00
>> on our functional objectives.
00:00
However, understanding what data
00:00
is being used and how to enforce
00:00
>> these principles such as
00:00
>> least privilege and the least amount
00:00
of access necessary to do
00:00
one's job is really
00:00
important and we should consider it going
00:00
forward as a primary mental model
00:00
for how to protect data.
00:00
Our second reflection is what
00:00
information artifacts at your organization
00:00
fall under customer rights management.
00:00
What are pieces of information or
00:00
intellectual property that you allow customers to
00:00
access and how do you properly protect them
00:00
and prevent misuse and abuse?
00:00
In summary, we talked about
00:00
the concept of information rights management.
00:00
We talked about its importance and impact of
00:00
information rights management.
00:00
I'll see you in the next lesson.
Up Next